One-class Classification Algorithm and Immune Framework Design for Anomaly Detection (cited by: 5)

One-class Classification and Immune Framework in Abnormal Detection


Authors: 潘志松[1], 倪桂强[1], 谭琳[1], 胡谷雨[1]

Affiliation: [1] Institute of Command Automation, PLA University of Science and Technology (解放军理工大学指挥自动化学院), Nanjing, Jiangsu 210007, China

Source: Journal of Nanjing University of Science and Technology (《南京理工大学学报》), 2006, No. 1, pp. 48-52 (5 pages)

Funding: China Postdoctoral Science Foundation (36th batch); Jiangsu Postdoctoral Foundation; Jiangsu Natural Science Foundation (BK2005009)

Abstract (translated from the Chinese): An anomaly detection system based on host execution traces can detect attacks of the U2R and R2L classes. Because attack data are hard to obtain, often only normal system-call execution traces are available. This paper designs an anomaly detection model built on a one-class classifier based on self-organizing feature maps: the classifier is trained on normal data only, and any activity that deviates from the normal pattern is treated as an intrusion. Tests on a host execution-trace dataset achieved a detection rate close to 100% on abnormal samples with a false alarm rate of 4.9%. The paper then uses the one-class classifier as the antibody detector and applies principles of artificial immunology to build a distributed anomaly detection framework, giving the intrusion detection system distributed, self-organizing and efficient properties and proposing a new approach to building distributed intrusion detection.

Abstract (English, as given): Abnormal detection using sequences of system calls can detect behaviors such as U2R (User to Root) and R2L (Remote to Local) attacks. Administrators usually can only obtain normal sequences of system calls because attack data are difficult to acquire. A one-class classifier based on an improved self-organizing map algorithm was designed to solve the one-class problem in abnormal detection. All activities that deviate from the normal patterns are classified as intrusions. In the experiments, the one-class classifier achieves a 100 % detection rate and a 4.9 % false alarm rate on sequences of system calls. A framework for distributed intrusion detection based on artificial immune theory is given, and a detector algorithm based on one-class classification is designed and discussed. The resulting intrusion detection framework is distributed, self-organizing and efficient. The approach provides a new idea for future intrusion detection systems.

Keywords: intrusion detection; self-organizing feature map; one-class classifier; artificial immunology principles

Classification code: TP393.07 [Automation and Computer Technology / Computer Application Technology]
